Funtoo - User contributions [en] (feed: https://www.funtoo.org/api.php?action=feedcontributions&user=78.98.72.182&feedformat=atom, generated 2024-03-19T13:49:38Z by MediaWiki 1.36.2)

Linux Containers - https://www.funtoo.org/index.php?title=Linux_Containers&diff=1687 - 2013-09-24T07:20:19Z
<p>78.98.72.182: /* Basic Info */</p>
<hr />
<div>Linux Containers, or LXC, is a Linux feature that allows Linux to run one or more isolated virtual systems (with their own network interfaces, process namespace, user namespace, and power state) using a single Linux kernel on a single server. <br />
<br />
== Status ==<br />
<br />
As of Linux kernel 3.1.5, LXC is usable for isolating your own private workloads from one another. It is not yet ready to isolate potentially malicious users from one another or the host system. For a more mature containers solution that is appropriate for hosting environments, see [[OpenVZ]].<br />
<br />
LXC containers don't yet have their own system uptime, and they see everything that's in the host's <tt>dmesg</tt> output, among other things. But in general, the technology works.<br />
<br />
== Basic Info ==<br />
<br />
<br />
* Linux Containers are based on:<br />
** Kernel namespaces for resource isolation<br />
** CGroups for resource limitation and accounting<br />
<br />
<tt>app-emulation/lxc</tt> provides the userspace tools for Linux containers.<br />
<br />
== Control groups ==<br />
<br />
* Control groups (cgroups) in kernel since 2.6.24<br />
** Allows aggregation of tasks and their children<br />
** Subsystems (cpuset, memory, blkio,...)<br />
** accounting - to measure how many resources certain systems use<br />
** resource limiting - groups can be set to not exceed a set memory limit<br />
** prioritization - some groups may get a larger share of CPU<br />
** control - freezing/unfreezing of cgroups, checkpointing and restarting<br />
** No disk quota limitation ( -> image file, LVM, XFS, directory tree quota,...)<br />
<br />
== Subsystems ==<br />
<br />
<console><br />
# cat /proc/cgroups <br />
subsys_name hierarchy num_cgroups enabled<br />
cpuset <br />
cpu <br />
cpuacct <br />
memory <br />
devices <br />
freezer <br />
blkio <br />
perf_event<br />
hugetlb<br />
</console><br />
<br />
#cpuset -> limits tasks to specific CPU/CPUs<br />
#cpu -> CPU shares<br />
#cpuacct -> CPU accounting<br />
#memory -> memory and swap limitation and accounting<br />
#devices -> device allow deny list<br />
#freezer -> suspend/resume tasks<br />
#blkio -> I/O prioritization (weight, throttle, ...)<br />
#perf_event -> support for per-cpu per-cgroup monitoring [http://lwn.net/Articles/421574/ perf_events]<br />
#hugetlb -> cgroup resource controller for HugeTLB pages [http://lwn.net/Articles/499255/ hugetlb]<br />
<br />
== Configuring the Funtoo Host System ==<br />
<br />
=== Install LXC kernel ===<br />
Any kernel beyond 3.1.5 will probably work. Personally I prefer the sys-kernel/gentoo-sources-3.4.9 as these have support for all the namespaces without sacrificing the xfs, FUSE or NFS support for example. These checks were introduced later, starting from kernel 3.5; this could also mean that the user namespace is not working optimally.<br />
<br />
* User namespace (EXPERIMENTAL) depends on EXPERIMENTAL and on UIDGID_CONVERTED<br />
** config UIDGID_CONVERTED<br />
*** True if all of the selected software components are known to have uid_t and gid_t converted to kuid_t and kgid_t where appropriate and are otherwise safe to use with the user namespace.<br />
**** Networking - depends on NET_9P = n<br />
**** Filesystems - 9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n<br />
**** Security options - Grsecurity - GRKERNSEC = n (if applicable)<br />
<br />
** As of 3.10.xx kernel, all of the above options are safe to use with User namespaces, except for XFS_FS, therefore with kernel >=3.10.xx, you should answer XFS_FS = n, if you want User namespaces support.<br />
<br />
==== Kernel configuration ====<br />
These options should be enabled in your kernel to be able to take full advantage of LXC.<br />
<br />
* General setup<br />
** CONFIG_NAMESPACES<br />
*** CONFIG_UTS_NS<br />
*** CONFIG_IPC_NS<br />
*** CONFIG_PID_NS<br />
*** CONFIG_NET_NS<br />
*** CONFIG_USER_NS<br />
** CONFIG_CGROUPS<br />
*** CONFIG_CGROUP_DEVICE<br />
*** CONFIG_CGROUP_SCHED<br />
*** CONFIG_CGROUP_CPUACCT<br />
*** CONFIG_CGROUP_MEM_RES_CTLR (in 3.6+ kernels it's called CONFIG_MEMCG)<br />
*** CONFIG_CGROUP_MEM_RES_CTLR_SWAP (in 3.6+ kernels it's called CONFIG_MEMCG_SWAP)<br />
*** CONFIG_CPUSETS (on multiprocessor hosts)<br />
* Networking support<br />
** Networking options<br />
*** CONFIG_VLAN_8021Q<br />
* Device Drivers<br />
** Character devices<br />
*** Unix98 PTY support<br />
**** CONFIG_DEVPTS_MULTIPLE_INSTANCES<br />
** Network device support<br />
*** Network core driver support<br />
**** CONFIG_VETH<br />
**** CONFIG_MACVLAN<br />
<br />
Once you have lxc installed, you can then check your kernel config with:<br />
<console><br />
# ##i##CONFIG=/path/to/config /usr/sbin/lxc-checkconfig<br />
</console><br />
<br />
=== Emerge lxc ===<br />
<console><br />
# ##i##emerge -av app-emulation/lxc<br />
</console><br />
=== Configure Networking For Container ===<br />
<br />
Typically, one uses a bridge to allow containers to connect to the network. This is how to do it under Funtoo Linux:<br />
<br />
# Create a bridge using the Funtoo network configuration scripts. Name the bridge something like <tt>brwan</tt> (using <tt>/etc/init.d/netif.brwan</tt>). Configure your bridge to have an IP address.<br />
# Make your physical interface, such as <tt>eth0</tt>, an interface with no IP address (use the Funtoo <tt>interface-noip</tt> template.)<br />
# Make <tt>netif.eth0</tt> a slave of <tt>netif.brwan</tt> in <tt>/etc/conf.d/netif.brwan</tt>.<br />
# Enable your new bridged network and make sure it is functioning properly on the host.<br />
<br />
You will now be able to configure LXC to automatically add your container's virtual ethernet interface to the bridge when it starts, which will connect it to your network.<br />
<br />
== Setting up a Funtoo Linux LXC Container ==<br />
<br />
Here are the steps required to get Funtoo Linux running <i>inside</i> a container. The steps below show you how to set up a container using an existing Funtoo Linux OpenVZ template. It is now also possible to use [[Metro]] to build an lxc container tarball directly, which will save you manual configuration steps and will provide an <tt>/etc/fstab.lxc</tt> file that you can use for your host container config. See [[Metro Recipes]] for info on how to use Metro to generate an lxc container.<br />
<br />
=== Create and Configure Container Filesystem ===<br />
<br />
# Start with a Funtoo LXC template, and unpack it to a directory such as <tt>/lxc/funtoo0/rootfs/</tt><br />
# Create an empty <tt>/lxc/funtoo0/fstab</tt> file<br />
# Ensure <tt>c1</tt> line is uncommented (enabled) and <tt>c2</tt> through <tt>c6</tt> lines are disabled in <tt>/lxc/funtoo0/rootfs/etc/inittab</tt><br />
<br />
That's almost all you need to get the container filesystem ready to start.<br />
<br />
=== Create Container Configuration Files ===<br />
<br />
Create the following files:<br />
<br />
==== <tt>/lxc/funtoo0/config</tt> ====<br />
<br />
<br />
Also create a symlink from <tt>/lxc/funtoo0/config</tt> to <tt>/etc/lxc/funtoo0.conf</tt>:<br />
<console><br />
ln -s /lxc/funtoo0/config /etc/lxc/funtoo0.conf<br />
</console><br />
<br />
{{fancynote|Daniel Robbins needs to update this config to be more in line with http://wiki.progress-linux.org/software/lxc/ -- this config appears to have nice, refined device node permissions and other goodies. // note by Havis to Daniel, this config is already superior.}}<br />
<br />
<br />
Read "man 5 lxc.conf" to get more information about the Linux container configuration file.<br />
<pre><br />
## Container<br />
lxc.utsname = funtoo0<br />
lxc.rootfs = /lxc/funtoo0/rootfs/<br />
lxc.arch = x86_64<br />
#lxc.console = /var/log/lxc/funtoo0.console # uncomment if you want to log containers console<br />
lxc.tty = 6 # if you plan to use container with physical terminals (eg F1..F6)<br />
#lxc.tty = 0 # set to 0 if you don't plan to use the container with a physical terminal; also comment out the c1 to c6 respawns in your container's /etc/inittab (e.g. c1:12345:respawn:/sbin/agetty 38400 tty1 linux)<br />
lxc.pts = 1024<br />
<br />
<br />
## Capabilities<br />
lxc.cap.drop = audit_control<br />
lxc.cap.drop = audit_write<br />
lxc.cap.drop = mac_admin<br />
lxc.cap.drop = mac_override<br />
lxc.cap.drop = mknod<br />
lxc.cap.drop = setfcap<br />
lxc.cap.drop = setpcap<br />
lxc.cap.drop = sys_admin<br />
lxc.cap.drop = sys_boot<br />
#lxc.cap.drop = sys_chroot # required by SSH<br />
lxc.cap.drop = sys_module<br />
#lxc.cap.drop = sys_nice<br />
lxc.cap.drop = sys_pacct<br />
lxc.cap.drop = sys_rawio<br />
lxc.cap.drop = sys_resource<br />
lxc.cap.drop = sys_time<br />
#lxc.cap.drop = sys_tty_config # required by getty<br />
<br />
## Devices<br />
# Allow all devices<br />
#lxc.cgroup.devices.allow = a<br />
# Deny all devices<br />
lxc.cgroup.devices.deny = a<br />
# Allow mknod for all devices (creating the nodes, but not using them)<br />
lxc.cgroup.devices.allow = c *:* m<br />
lxc.cgroup.devices.allow = b *:* m<br />
<br />
# /dev/console<br />
lxc.cgroup.devices.allow = c 5:1 rwm<br />
# /dev/fuse<br />
lxc.cgroup.devices.allow = c 10:229 rwm<br />
# /dev/null<br />
lxc.cgroup.devices.allow = c 1:3 rwm<br />
# /dev/ptmx<br />
lxc.cgroup.devices.allow = c 5:2 rwm<br />
# /dev/pts/*<br />
lxc.cgroup.devices.allow = c 136:* rwm<br />
# /dev/random<br />
lxc.cgroup.devices.allow = c 1:8 rwm<br />
# /dev/rtc<br />
lxc.cgroup.devices.allow = c 254:0 rwm<br />
# /dev/tty<br />
lxc.cgroup.devices.allow = c 5:0 rwm<br />
# /dev/urandom<br />
lxc.cgroup.devices.allow = c 1:9 rwm<br />
# /dev/zero<br />
lxc.cgroup.devices.allow = c 1:5 rwm<br />
<br />
## Limits<br />
lxc.cgroup.cpu.shares = 1024<br />
lxc.cgroup.cpuset.cpus = 0 # limits container to CPU0<br />
lxc.cgroup.memory.limit_in_bytes = 512M<br />
lxc.cgroup.memory.memsw.limit_in_bytes = 1G<br />
lxc.cgroup.blkio.weight = 500<br />
<br />
## Filesystem<br />
#lxc.mount = /lxc/funtoo0/fstab # container fstab should be outside its rootfs dir (e.g. /lxc/funtoo0/fstab is ok, but /lxc/funtoo0/rootfs/etc/fstab is wrong!!!)<br />
#lxc.mount.entry is now preferred<br />
lxc.mount.entry = proc /lxc/funtoo0/rootfs/proc proc nodev,noexec,nosuid 0 0<br />
lxc.mount.entry = sysfs /lxc/funtoo0/rootfs/sys sysfs defaults,ro 0 0<br />
lxc.mount.entry = tmpfs /lxc/funtoo0/rootfs/tmp tmpfs defaults,size=128m,nodev,nosuid 0 0<br />
lxc.mount.entry = tmpfs /lxc/funtoo0/rootfs/run tmpfs defaults,size=1g,mode=0755,nosuid 0 0<br />
##Example of having /var/tmp/portage as tmpfs in container <br />
#lxc.mount.entry = tmpfs /lxc/funtoo0/rootfs/var/tmp/portage tmpfs defaults,size=8g,uid=250,gid=250,mode=0775 0 0<br />
##Example of bind mount<br />
#lxc.mount.entry = /srv/funtoo0 /lxc/funtoo0/rootfs/srv/funtoo0 none defaults,bind 0 0<br />
<br />
## Network<br />
lxc.network.type = veth<br />
lxc.network.flags = up<br />
lxc.network.hwaddr = #put your MAC address here, otherwise you will get a random one<br />
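# host bridge the container's veth interface is attached to; use the name of the bridge you created on the host (e.g. brwan)<br />
lxc.network.link = br0<br />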
lxc.network.name = eth0<br />
#lxc.network.veth.pair = veth-example<br />
</pre><br />
<br />
Read "man 7 capabilities" to get more information about Linux capabilities.<br />
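<br />
One way to check that a container config keeps the capability drops, the device default-deny and the memory limit shown above. This is an added example, not part of the lxc tools or of the original page; the function names, the findings text and the sample config are assumptions constructed for illustration.<br />

```shell
#!/bin/sh
# Added example (not part of the lxc tools): audit an LXC config for the
# hardening settings used in the config above.

# Capabilities that config drops. sys_chroot, sys_nice and sys_tty_config are
# commented out there, so they are not required here.
REQUIRED_DROPS="audit_control audit_write mac_admin mac_override mknod setfcap
setpcap sys_admin sys_boot sys_module sys_pacct sys_rawio sys_resource sys_time"

# Print every active setting as "key=value": comments stripped, whitespace
# trimmed, and a multi-capability lxc.cap.drop line split into one per line.
lxc_settings() {
    sed -e 's/#.*$//' "$1" | awk '
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "lxc.cap.drop") {
                n = split(val, caps, /[ \t]+/)
                for (i = 1; i <= n; i++) print key "=" caps[i]
            } else {
                print key "=" val
            }
        }'
}

# True if the exact "key=value" line is among the parsed settings.
has_setting() { printf '%s\n' "$settings" | grep -qxF -- "$1"; }

# Print one finding per line; print nothing if the config passes.
audit_lxc_config() {
    settings=$(lxc_settings "$1")
    for cap in $REQUIRED_DROPS; do
        has_setting "lxc.cap.drop=$cap" || echo "capability not dropped: $cap"
    done
    has_setting "lxc.cgroup.devices.deny=a" ||
        echo "no default deny: lxc.cgroup.devices.deny = a is missing"
    if has_setting "lxc.cgroup.devices.allow=a"; then
        echo "all devices allowed: lxc.cgroup.devices.allow = a is set"
    fi
    printf '%s\n' "$settings" | grep -q '^lxc\.cgroup\.memory\.limit_in_bytes=' ||
        echo "no memory limit: lxc.cgroup.memory.limit_in_bytes is missing"
    return 0
}

# Constructed sample: a deliberately weak config for the demo below.
sample_weak_config() {
    cat <<'EOF'
lxc.utsname = funtoo0
lxc.cap.drop = audit_control audit_write mac_admin mac_override
lxc.cap.drop = mknod setfcap setpcap
#lxc.cap.drop = sys_admin   # commented out, so it counts as not dropped
lxc.cap.drop = sys_boot sys_module sys_pacct sys_rawio sys_resource sys_time
lxc.cgroup.devices.allow = a
lxc.cgroup.devices.allow = c 1:3 rwm
EOF
}

# Demo: audit the constructed sample and print the findings.
demo_cfg=$(mktemp)
sample_weak_config > "$demo_cfg"
audit_lxc_config "$demo_cfg"
rm -f "$demo_cfg"
```

To audit a real container, call <tt>audit_lxc_config /lxc/funtoo0/config</tt>; empty output means all checks passed.<br />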
<br />
Above, use the following command to generate a random MAC for <tt>lxc.network.hwaddr</tt>:<br />
<br />
<pre><br />
# openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'<br />
</pre><br />
<br />
It is a very good idea to assign a static MAC address to your container using <tt>lxc.network.hwaddr</tt>. If you don't, LXC will auto-generate a new random MAC every time your container starts, which may confuse network equipment that expects MAC addresses to remain constant.<br />
<br />
It can happen that you aren't able to start your LXC container with the MAC address generated above. For those who run into that problem, here is a little script that derives the MAC address from the container's IP address. Save the following code as <tt>/etc/lxc/hwaddr.sh</tt>, make it executable and run it like <tt>/etc/lxc/hwaddr.sh xxx.xxx.xxx.xxx</tt>, where xxx.xxx.xxx.xxx represents your container IP.<br />
<br />
<pre><br />
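#!/bin/sh<br />
# Derive a stable MAC (02:00:aa:bb:cc:dd) from the four octets of an IPv4 address.<br />
IP=$1<br />
HA=$(echo "$IP" | awk -F. '{ printf "02:00:%02x:%02x:%02x:%02x", $1, $2, $3, $4 }')<br />
echo "$HA"<br />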
</pre><br />
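<br />
A likely cause of the start failure mentioned above: six unrestricted random bytes give an odd first octet about half the time, which marks the address as multicast, and the kernel does not accept a multicast address as an interface's hardware address. The following added example (not from the original page; function names are assumptions, and <tt>od</tt> on <tt>/dev/urandom</tt> stands in for <tt>openssl rand</tt>) validates a MAC, repairs the first octet of an existing one, and generates a random locally administered unicast MAC.<br />

```shell
#!/bin/sh
# Added example: safe MAC handling for lxc.network.hwaddr.

# Return 0 if $1 is a well-formed MAC (six zero-padded hex octets) whose
# multicast bit (lowest bit of the first octet) is clear.
is_unicast_mac() {
    printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || return 1
    first=$((0x${1%%:*}))
    [ $((first & 1)) -eq 0 ]
}

# Rewrite the first octet of an existing MAC: clear the multicast bit and set
# the locally administered bit, leaving the other five octets untouched.
normalize_mac() {
    first=$((0x${1%%:*}))
    printf '%02x:%s\n' $(( (first & 254) | 2 )) "${1#*:}"
}

# Print a random locally administered unicast MAC.
gen_lxc_mac() {
    # six random bytes as decimal numbers, split into $1..$6
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 & 254) | 2 )) "$2" "$3" "$4" "$5" "$6"
}

# Demo: generate one address and confirm it passes the check.
mac=$(gen_lxc_mac)
if is_unicast_mac "$mac"; then
    echo "lxc.network.hwaddr = $mac"
fi
```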
<br />
==== <tt>/lxc/funtoo0/fstab</tt> ====<br />
Note: it is now preferable to have mount entries directly in config file instead of separate fstab<br />
<br />
<pre><br />
none /lxc/funtoo0/rootfs/dev/pts devpts defaults 0 0<br />
none /lxc/funtoo0/rootfs/proc proc defaults 0 0<br />
none /lxc/funtoo0/rootfs/sys sysfs defaults 0 0<br />
none /lxc/funtoo0/rootfs/dev/shm tmpfs nodev,nosuid,noexec,mode=1777,rw 0 0<br />
</pre><br />
<br />
== Initializing and Starting the Container ==<br />
<br />
You will probably need to set the root password for the container before you can log in. You can use chroot to do this quickly:<br />
<br />
<pre><br />
# chroot /lxc/funtoo0/rootfs<br />
(chroot) # passwd<br />
New password: XXXXXXXX<br />
Retype new password: XXXXXXXX<br />
passwd: password updated successfully<br />
# exit<br />
</pre><br />
<br />
Now that the root password is set, run:<br />
<br />
<pre><br />
# lxc-start -n funtoo0 -d<br />
</pre><br />
<br />
The <tt>-d</tt> option will cause it to run in the background.<br />
<br />
To attach to the console:<br />
<br />
<pre><br />
# lxc-console -n funtoo0<br />
</pre><br />
<br />
You should now be able to log in and use the container. In addition, the container should now be accessible on the network.<br />
<br />
To attach directly to the container:<br />
<br />
<pre><br />
# lxc-attach -n funtoo0<br />
</pre><br />
<br />
To stop the container:<br />
<br />
<pre><br />
# lxc-stop -n funtoo0<br />
</pre><br />
<br />
Ensure that networking is working from within the container while it is running, and you're good to go!<br />
<br />
== Starting LXC container during host boot ==<br />
<br />
You need to create a symlink in <tt>/etc/init.d/</tt> that points to <tt>/etc/init.d/lxc</tt> and is named after your container:<br />
<console><br />
# ##i##ln -s /etc/init.d/lxc /etc/init.d/lxc.funtoo0<br />
</console><br />
Now you can add <tt>lxc.funtoo0</tt> to the default runlevel:<br />
<console><br />
# ##i##rc-update add lxc.funtoo0 default<br />
</console><br />
<console><br />
# rc<br />
* Starting funtoo0 ... [ ok ]<br />
</console><br />
<br />
== LXC Bugs/Missing Features ==<br />
<br />
This section is devoted to documenting issues with the current implementation of LXC and its associated tools. We will be gradually expanding this section with detailed descriptions of problems, their status, and proposed solutions.<br />
<br />
=== reboot ===<br />
<br />
By default, lxc does not support rebooting a container from within. It will simply stop and the host will not know to start it.<br />
<br />
=== PID namespaces ===<br />
<br />
Process ID namespaces are functional, but the container can still see the CPU utilization of the host via the system load (ie. in <tt>top</tt>).<br />
<br />
=== /dev/pts newinstance ===<br />
<br />
* Some changes may be required to the host to properly implement "newinstance" <tt>/dev/pts</tt>. See [https://bugzilla.redhat.com/show_bug.cgi?id=501718 This Red Hat bug].<br />
<br />
=== lxc-create and lxc-destroy ===<br />
<br />
* LXC's shell scripts are badly designed and are a sure way to destruction; avoid using lxc-create and lxc-destroy.<br />
<br />
=== network initialization and cleanup ===<br />
<br />
* If <tt>network.type = phys</tt> is used, the interface will be renamed to the value of <tt>lxc.network.link</tt> after lxc-stop. This was supposed to be fixed in 0.7.4, but still happens on 0.7.5 - http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01760.html<br />
<br />
* Re-starting a container can result in a failure because network resources are tied up by the already-defunct instance: [http://www.mail-archive.com/lxc-devel@lists.sourceforge.net/msg00824.html]<br />
<br />
=== lxc-halt ===<br />
<br />
* A tool to gracefully shut down a container is missing. 'lxc-halt' should be written and be POSIX sh-compatible, using lxc-execute to run halt in the container.<br />
<br />
=== funtoo ===<br />
<br />
* Our udev should be updated to contain <tt>-lxc</tt> in scripts. (This has been done as of 02-Nov-2011, so should be resolved. But not fixed in our openvz templates, so need to regen them in a few days.)<br />
* Our openrc should be patched to handle the case where it cannot mount tmpfs, and gracefully handle this situation somehow. (The work-around in our docs above is to mount tmpfs to <tt>/libexec/rc/init.d</tt> using the container-specific <tt>fstab</tt> file on the host.)<br />
* Emerging udev within a container can/will fail when realdev is run, if a device node cannot be created (such as /dev/console) if there are no mknod capabilities within the container. This should be fixed.<br />
<br />
== References ==<br />
<br />
* <tt>man 7 capabilities</tt><br />
* <tt>man 5 lxc.conf</tt><br />
<br />
== Links ==<br />
<br />
* There are a number of additional lxc features that can be enabled via patches: [http://lxc.sourceforge.net/patches/linux/3.0.0/3.0.0-lxc1/]<br />
* [https://wiki.ubuntu.com/UserNamespace Ubuntu User Namespaces page]<br />
* lxc-gentoo setup script [https://github.com/globalcitizen/lxc-gentoo on GitHub]<br />
<br />
* '''IBM developerWorks'''<br />
** [http://www.ibm.com/developerworks/linux/library/l-lxc-containers/index.html LXC: Linux Container Tools]<br />
** [http://www.ibm.com/developerworks/linux/library/l-lxc-security/ Secure Linux Containers Cookbook]<br />
<br />
* '''Linux Weekly News'''<br />
** [http://lwn.net/Articles/244531/ Smack for simplified access control]<br />
<br />
[[Category:Labs]]<br />
[[Category:HOWTO]]<br />
[[Category:Virtualization]]</div>

Funtoo Linux Kernels - https://www.funtoo.org/index.php?title=Funtoo_Linux_Kernels&diff=1514 - 2013-09-21T19:05:59Z
<p>78.98.72.182: /* Overview of Kernels */</p>
<hr />
<div>This Section will give you an overview of kernels used in funtoo.<br />
<br />
Funtoo Linux provides a number of new kernels for your use. This is the official page for all Funtoo Linux kernel information. <br />
<br />
Some points of interest:<br />
<br />
* Most Funtoo Linux kernels support the handy <tt>[[#Binary USE|binary]]</tt> USE flag, described below.<br />
* Funtoo Linux offers quality kernels from other Linux Distributions, like <tt>ubuntu-server</tt> and <tt>debian-sources</tt>.<br />
* A detailed [[#Kernel Features and Stability|Kernel Features and Stability]] table can be found below.<br />
* Advanced users may want to take a look at [[Additional Kernel Resources]].<br />
* There is a quick'n dirty howto to compile your own [[kernel]] with initramfs the funtoo way.<br />
<br />
== Overview of Kernels ==<br />
<br />
=== sysrescue-std-sources ===<br />
<br />
This kernel is from the [http://www.sysresccd.org SystemRescueCD project], and is based on Fedora 14/15, plus some other patches related to booting from a live CD. It is a quality kernel, and is generally pretty stable. It is not suitable for production servers but is a good choice for Funtoo Linux desktops. Earlier, the [[Funtoo Linux Installation]] Guide recommended this kernel for general users, but now 'debian-sources' is recommended. Note, however, that by design all audio functions are removed from SystemRescue, i.e. there is no sound when using this kernel.<br />
<br />
=== vanilla-sources ===<br />
<br />
This will install the "vanilla" (unmodified) Linux kernel sources. Current recommended version is 3.x. Funtoo Linux fully supports Linux 3.x. The advantages of this kernel include recent improvements to [[Linux Containers]], a very modern networking stack with lots of bug fixes, and high reliability for desktops and servers. The downside is that this kernel must be manually configured by the user and does not have built-in <tt>genkernel</tt> support via the <tt>binary</tt> USE flag at this time.<br />
<br />
=== gentoo-sources ===<br />
<br />
This kernel tree is based on stable kernels from [https://www.kernel.org/ kernel.org] with [http://dev.gentoo.org/~mpagano/genpatches/about.htm genpatches] applied.<br />
The Gentoo patchset aims to support the entire range of Gentoo-supported architectures. List of available genpatched kernels: [http://dev.gentoo.org/~mpagano/genpatches/kernels.htm genpatches-kernels]<br />
<br />
=== openvz-rhel6-stable ===<br />
<br />
This is a RHEL6-based kernel with OpenVZ support. This kernel is now the preferred kernel for production OpenVZ deployments. It requires gcc-4.4.5 to build, which it will use automatically without the user needing to use <tt>gcc-config</tt>. We use this version of gcc since this is the version of gcc used by Red Hat to build this kernel.<br />
<br />
=== openvz-rhel5-stable ===<br />
<br />
This kernel is based on the latest Red Hat Enterprise Linux 5.6 kernel, and contains additional OpenVZ (virtual containers) patches from the [[OpenVZ on Funtoo Linux|OpenVZ]] project. It is a very stable and reliable kernel, and is recommended for use in production environments. The only major downside to this kernel is that it is based on Linux 2.6.18 -- some parts of the kernel are out-of-date, and it is not compatible with modern versions of udev. However, it is pretty trivial to downgrade udev to an earlier version on Funtoo Linux and this kernel has a track-record of being rock-solid. When stability is paramount, you put up with the udev downgrade, use this kernel, and can enjoy hundreds of days of uptime. For more information on how to use this kernel with Funtoo Linux, see the [[RHEL5 Kernel HOWTO]].<br />
<br />
=== ubuntu-server ===<br />
<br />
This is the kernel from Ubuntu Server. Version <tt>2.6.32.32.62</tt> is the same version used in Ubuntu Server 10.04 LTS, and version <tt>2.6.35.28.50</tt> is the one used in Ubuntu Server 10.10 (currently masked). In our testing of <tt>2.6.32.32.62</tt>, it has been very reliable and offers very good performance. One exception, which is common among 2.6.32-based kernels, is that it's recommended that you emerge <tt>broadcom-netxtreme2</tt> if you have any Broadcom-based NICs, as the in-kernel drivers have compatibility issues with certain models. This kernel is a very good option if you want a relatively modern server kernel and do not need [[OpenVZ]] support. We use gcc-4.4.5 to build this kernel. It will use gcc-4.4.5 automatically, without requiring the user to use <tt>gcc-config</tt>.<br />
<br />
=== debian-sources ===<br />
<br />
This is the Debian kernel. '''These ebuilds now support the <tt>binary</tt> USE flag.''' Daniel has added a special <tt>config-extract</tt> command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel. This kernel has optional [[OpenVZ]] support, but it is much better to use <tt>openvz-rhel6-stable</tt> if you want a production-quality OpenVZ installation. For more information about how to use <tt>debian-sources</tt> and <tt>config-extract</tt>, see [[#Using Debian-Sources with Genkernel|Using debian-sources with Genkernel]] below.<br />
<br />
=== debian-sources-lts ===<br />
<br />
This is the Debian long-term stable kernel. '''These ebuilds now support the <tt>binary</tt> USE flag.''' Daniel has added a special <tt>config-extract</tt> command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel.<br />
<br />
== Binary USE ==<br />
<br />
Many of the kernel ebuilds in Funtoo Linux support the very useful <tt>binary</tt> USE flag. By enabling this USE flag and emerging the kernel, the ebuild will automatically build a binary kernel image, initramfs and kernel modules and install them to <tt>/boot</tt>. The binary kernel image and initramfs can be used to boot your Funtoo Linux system without requiring any additional configuration. This is a great way to get a Funtoo Linux system up and running quickly. Here's how to do it:<br />
<br />
<pre><br />
# echo "sys-kernel/openvz-rhel5-stable binary" >> /etc/portage/package.use<br />
# emerge openvz-rhel5-stable<br />
# nano -w /etc/boot.conf<br />
# boot-update<br />
</pre><br />
<br />
More information can be found in the [[Funtoo Linux Installation]] Guide.<br />
<br />
== Funtoo Linux Genkernel ==<br />
<br />
Funtoo Linux contains a forked/enhanced version of genkernel with the following new capabilities:<br />
<br />
* genkernel can use a build directory that is separate from the kernel source directory. This is enabled using the new <tt>--build-dst</tt> option.<br />
* <tt>--build-src</tt> is a new option that is equivalent to the <tt>--kerneldir</tt> option.<br />
* <tt>--fullname</tt> can be used to specify the entire name of the kernel and initramfs images -- everything after <tt>kernel-</tt> and <tt>initramfs-</tt>.<br />
* <tt>--firmware-src</tt> - a new option that works identically to <tt>--firmware-dir</tt>.<br />
* <tt>--firmware-dst</tt> - a new capability - you can now define where genkernel installs firmware.<br />
* Genkernel uses Funtoo Linux <tt>lvm2</tt> rather than building its own.<br />
* Some compile fixes.<br />
<br />
== Kernel Features and Stability ==<br />
<br />
This page provides an overview of kernel features and stability information:<br />
<br />
{| {{table}} <br />
!Kernel Name<br />
!Version<br />
!USE flags<br />
!Stability<br />
!Extra Features<br />
!Req'd udev<br />
!Notes<br />
|-<br />
|<tt>[[#vanilla-sources|vanilla-sources]]</tt><br />
|3.11.1<br />
|N/A<br />
|'''Excellent''' - recommended for desktops and servers.<br />
|N/A<br />
|Any<br />
|Recommended for modern networking stack, hardware and [[Linux Containers]] support. This kernel must be manually configured by the user. New Features: [http://kernelnewbies.org/Linux_3.11 kernelnewbies.org/linux_3.11] New Drivers: [http://kernelnewbies.org/Linux_3.11-DriversArch kernelnewbies/Linux_3.11-DriversArch]<br />
|-<br />
|<tt>[[#gentoo-sources|gentoo-sources]]</tt><br />
|3.11.1<br />
|N/A<br />
|'''Excellent''' - recommended for desktops and workstations<br />
|N/A<br />
|Any<br />
|Recommended for modern networking stack, hardware and [[Linux Containers]] support. This kernel must be manually configured by the user. New Features: [http://kernelnewbies.org/Linux_3.11 kernelnewbies.org/linux_3.11] New Drivers: [http://kernelnewbies.org/Linux_3.11-DriversArch kernelnewbies/Linux_3.11-DriversArch]<br />
|-<br />
|<tt>[[#sysrescue-std-sources|sysrescue-std-sources]]</tt><br />
|2.6.38.220<br />
|<tt>binary</tt><br />
|''Good'' - recommended for desktops<br />
|N/A<br />
|Any<br />
|Nvidia card users: binary use flag installs nouveau drivers. Not compatible with nvidia-drivers.<br />
|-<br />
|<tt>[[#openvz-rhel6-stable|openvz-rhel6-stable]]</tt><br />
|2.6.32.042.075.2<br />
|<tt>binary</tt><br />
|'''Excellent''' - recommended for production servers<br />
|N/A<br />
|Any<br />
|This kernel is built with gcc-4.4.5. <tt>emerge broadcom-netxtreme2</tt> for reliable BCM5709+ support (integrated NIC)<br />
|-<br />
|<tt>[[#openvz-rhel5-stable|openvz-rhel5-stable]]</tt><br />
|2.6.18.028.095.1<br />
|<tt>binary</tt><br />
|'''Excellent''' - recommended for production servers<br />
|OpenVZ<br />
|=sys-fs/udev-146*<br />
|Broadcom <tt>bnx2</tt> driver module bundled with kernel appears to be OK. This kernel is built with gcc-4.1.2. Enabling the <tt>binary</tt> USE flag will cause gcc-4.1.2 to be emerged and used for building the kernel.<br />
|-<br />
|<tt>[[#ubuntu-server|ubuntu-server]]</tt><br />
|2.6.32.32.62<br />
|<tt>binary</tt><br />
|'''Excellent''' - recommended for production servers (still in extended testing)<br />
| N/A<br />
|Any<br />
|This kernel is built with gcc-4.4.5. <tt>emerge broadcom-netxtreme2</tt> for reliable BCM5709+ support (integrated NIC)<br />
|-<br />
|<tt>[[#ubuntu-server|ubuntu-server]]</tt><br />
|2.6.35.28.50<br />
|<tt>binary</tt><br />
|''not yet tested''<br />
| N/A<br />
|Any<br />
|This kernel is built with gcc-4.4.5. <tt>emerge broadcom-netxtreme2</tt> for reliable BCM5709+ support (integrated NIC)<br />
|-<br />
|<tt>[[#debian-sources|debian-sources]]</tt><br />
|3.2.41<br />
|<tt>openvz</tt><br />
|''Good'' - default kernel recommended by Funtoo<br />
|OpenVZ (optional)<br />
|Any<br />
|See [[#Using debian-sources with Genkernel]], below.<br />
|-<br />
|}<br />
<br />
== Using Debian-Sources with Genkernel ==<br />
<br />
{{ fancyimportant|Debian-sources is now fully compatible with ''binary'' USE flag and recommended for desktop users. The below example is valid for manual installation. At least 12G of /var/tmp required to build <br />
}}<br />
This section describes how to build a binary kernel with <tt>debian-sources</tt> and <tt>genkernel</tt>, and it also explains how to use Funtoo Linux's <tt>config-extract</tt> tool to list and create official Debian kernel configurations.<br />
<br />
=== First step: emerging the required packages ===<br />
<br />
The first step is to emerge:<br />
<br />
# The Debian sources<br />
# Genkernel itself<br />
<br />
This is achieved with:<br />
<br />
<pre><br />
# emerge sys-kernel/debian-sources sys-kernel/genkernel<br />
</pre><br />
<br />
Once the Debian kernel sources are deployed, you should find a directory named '''linux-debian-''version''''' (e.g. linux-debian-2.6.32.30) under '''/usr/src'''. Update the '''linux''' symlink to point to this directory:<br />
<pre><br />
# cd /usr/src<br />
# rm linux<br />
# ln -s linux-debian-2.6.32.30 linux<br />
</pre><br />
Alternatively, emerge the debian-sources with USE="symlink"<br />
=== Second step: Grabbing a configuration file ===<br />
<br />
It is now time to download the kernel configuration file. For this tutorial we will use a configuration file for AMD64 (several other architectures like MIPS or SPARC64 are available). To view a complete list of available kernel configurations, type <tt>./config-extract -l</tt> in the Debian kernel source directory:<br />
<br />
<pre><br />
ninja1 linux-debian-2.6.32.30 # ./config-extract -l<br />
<br />
====== standard featureset ======<br />
<br />
alpha: alpha-generic, alpha-legacy, alpha-smp<br />
amd64<br />
armel: iop32x, ixp4xx, kirkwood, orion5x, versatile<br />
hppa: parisc, parisc-smp, parisc64, parisc64-smp<br />
i386: 486, 686, 686-bigmem, amd64<br />
ia64: itanium, mckinley<br />
m68k: amiga, atari, bvme6000, mac, mvme147, mvme16x<br />
mips: 4kc-malta, 5kc-malta, r4k-ip22, r5k-ip32, sb1-bcm91250a, sb1a-bcm91480b<br />
mipsel: 4kc-malta, 5kc-malta, r5k-cobalt, sb1-bcm91250a, sb1a-bcm91480b<br />
powerpc: powerpc, powerpc-smp, powerpc64<br />
s390: s390x, s390x-tape<br />
sh4: sh7751r, sh7785lcr<br />
sparc: sparc64, sparc64-smp<br />
sparc64: sparc64, sparc64-smp<br />
<br />
====== vserver featureset ======<br />
<br />
amd64<br />
i386: 686, 686-bigmem<br />
ia64: itanium, mckinley<br />
powerpc: powerpc, powerpc64<br />
s390<br />
sparc<br />
sparc64<br />
<br />
====== xen featureset ======<br />
<br />
amd64<br />
i386<br />
<br />
====== openvz featureset ======<br />
<br />
amd64<br />
i386<br />
</pre><br />
<br />
Type <tt>config-extract -h</tt> for extended usage information:<br />
<br />
<pre><br />
ninja1 linux-debian-2.6.32.30 # ./config-extract -h<br />
This work is free software.<br />
<br />
Copyright 2011 Funtoo Technologies. You can redistribute and/or modify it under<br />
the terms of the GNU General Public License version 3 as published by the Free<br />
Software Foundation. Alternatively you may (at your option) use any other<br />
license that has been publicly approved for use with this program by Funtoo<br />
Technologies (or its successors, if any.)<br />
<br />
usage: config-extract [options] arch [featureset] [subarch]<br />
<br />
-h --help print this usage and exit<br />
-l --list list all available kernel configurations<br />
-o --outfile specify kernel config outfile --<br />
defaults to .config in current directory<br />
[featureset] defaults to "none" if not specified<br />
[subarch] defaults to the only one available; otherwise required<br />
<br />
This program was written by Daniel Robbins for Funtoo Linux, for the purpose of<br />
easily and conveniently extracting Debian kernel configurations. To see a nice<br />
list of all available kernel configurations, use the --list option.<br />
<br />
Debian's kernel configs are specified internally in arch_featureset_flavor<br />
format, such as: "amd64_openvz_amd64". The featureset typically describes an<br />
optional kernel configuration such as "xen" or "openvz", while the flavor in<br />
Debian terminology typically refers to the sub-architecture of the CPU.<br />
<br />
When using this command, you must specify an arch. A featureset of "none" is<br />
assumed unless you specify one, and by default this program will pick the only<br />
available subarch if there is only one to choose from. If not, you will need to<br />
pick one (and the program will remind you to do this.)<br />
<br />
The kernel configuration will be written to ".config" in the current directory,<br />
or the location you specified using the -o/--outfile option.<br />
</pre><br />
<br />
Let's use <tt>config-extract</tt> to create a kernel configuration for an amd64 system:<br />
<br />
<pre><br />
# cd linux<br />
# ./config-extract amd64<br />
Wrote amd64_none_amd64 kernel configuration to /usr/src/linux-debian-2.6.32.30/.config.<br />
</pre><br />
<br />
<tt>config-extract</tt> also allows you to extract special Debian featuresets, such as settings for Xen and [[OpenVZ]] kernels:<br />
<br />
<pre><br />
# ./config-extract amd64 openvz<br />
Wrote amd64_openvz_amd64 kernel configuration to /usr/src/linux-debian-2.6.32.30/.config.<br />
</pre><br />
<br />
'''It is necessary to name the kernel configuration file something other than ".config" to avoid errors with genkernel.'''<br />
<br />
<br />
After using <tt>config-extract</tt>, run <tt>make oldconfig</tt> and accept all default options by hitting Enter at all prompts.<br />
<br />
=== Third step: Building and installing the kernel ===<br />
<br />
This is simply achieved by:<br />
<br />
<pre><br />
# genkernel --kernel-config=config-2.6.32-5-amd64 all<br />
</pre><br />
<br />
* --kernel-config: use the given configuration file. If you give only a filename, genkernel looks for it in your current working directory. You can also give a relative or an absolute path to the file (for example: "--kernel-config=/usr/src/linux/configfile").<br />
* all: rebuild the kernel image and the initramfs ramdisk image. Besides kernel modules, the ramdisk image contains tools such as BusyBox and some generic startup scripts. Depending on the options you use on the command line, several additional tools, such as LVM or RAID volume management, can be incorporated as well.<br />
<br />
{{ fancyimportant|Unless explicitly stated via ''--no-clean'' or ''--no-mrproper'', Genkernel will do a '''make mrproper''' in the kernel source tree, thus cleaning a previous build '''and removing the previous kernel configuration file''' in it. <br />
}}<br />
<br />
If you use Genkernel to rebuild a Linux kernel on SPARC64, remember to either:<br />
* Set '''sparc64-unknown-linux-gnu-''' in ''General setup --> Cross-compiler tool prefix'' <br />
* Put '''--kernel-cross-compile=sparc64-unknown-linux-gnu-''' on the Genkernel command line<br />
<br />
Once the kernel has been compiled and the ram disk has been generated, the kernel image plus its companion files (initramfs image and System.map) are placed in the /boot directory. You can use your favourite tool to update your bootloader configuration files.<br />
<br />
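The three steps above can be chained so that the configuration survives the '''make mrproper''' run described in the note above. The following is an added example, not part of the original page or of genkernel; the function names, the argument layout and the saved-config path are assumptions.<br />

```shell
#!/bin/sh
# Added example; function names and argument layout are assumptions.
# Usage (constructed paths):
#   build_debian_kernel /usr/src/linux /root/config-amd64-openvz amd64 openvz

# Print the absolute, symlink-resolved form of a path (the file need not exist).
abs_path() {
    (cd -P "$(dirname "$1")" 2>/dev/null &&
        printf '%s/%s\n' "$(pwd -P)" "$(basename "$1")")
}

# config_is_safe SRC_TREE CONFIG
#   0: CONFIG exists and is not SRC_TREE/.config
#   1: CONFIG is the tree's own .config, which "make mrproper" would delete
#   2: CONFIG or SRC_TREE is missing
config_is_safe() {
    _tree_cfg=$(abs_path "$1/.config") || return 2
    _cfg=$(abs_path "$2") || return 2
    [ -f "$_cfg" ] || return 2
    [ "$_cfg" != "$_tree_cfg" ]
}

# build_debian_kernel SRC_TREE SAVED_CONFIG ARCH [FEATURESET]
build_debian_kernel() {
    _src=$1 _saved=$2 _arch=$3 _fs=${4:-}
    cd "$_src" || return 1
    # Second step: extract the Debian config (written to .config by default).
    ./config-extract "$_arch" ${_fs:+"$_fs"} || return 1
    # Accept every default by answering each prompt with an empty line.
    yes "" | make oldconfig || return 1
    # Keep a copy that mrproper cannot reach before genkernel runs.
    cp .config "$_saved" || return 1
    config_is_safe "$_src" "$_saved" || {
        echo "refusing: $_saved is the tree's .config or is missing" >&2
        return 1
    }
    # Third step: build kernel, modules and initramfs from the saved copy.
    genkernel --kernel-config="$_saved" all
}
```

<tt>config_is_safe</tt> compares resolved paths only, so a hard link to the tree's <tt>.config</tt> is not detected.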
[[Category:Internals]]<br />
[[Category:Funtoo features]]<br />
[[Category:Kernel]]</div>78.98.72.182